]> git.ipfire.org Git - thirdparty/hostap.git/blob - src/ap/wpa_auth_ie.c
projects / thirdparty / hostap.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
Move generic AP functionality implementation into src/ap
[thirdparty/hostap.git] / src / ap / wpa_auth_ie.c
1 /*
2 * hostapd - WPA/RSN IE and KDE definitions
3 * Copyright (c) 2004-2008, Jouni Malinen <j@w1.fi>
4 *
5 * This program is free software; you can redistribute it and/or modify
6 * it under the terms of the GNU General Public License version 2 as
7 * published by the Free Software Foundation.
8 *
9 * Alternatively, this software may be distributed under the terms of BSD
10 * license.
11 *
12 * See README and COPYING for more details.
13 */
14
15 #include "includes.h"
16
17 #include "common.h"
18 #include "config.h"
19 #include "ieee802_11.h"
20 #include "eapol_auth/eapol_auth_sm.h"
21 #include "wpa.h"
22 #include "pmksa_cache.h"
23 #include "wpa_auth_ie.h"
24 #include "wpa_auth_i.h"
25
26
27 static int wpa_write_wpa_ie(struct wpa_auth_config *conf, u8 *buf, size_t len)
28 {
29 struct wpa_ie_hdr *hdr;
30 int num_suites;
31 u8 *pos, *count;
32
33 hdr = (struct wpa_ie_hdr *) buf;
34 hdr->elem_id = WLAN_EID_VENDOR_SPECIFIC;
35 RSN_SELECTOR_PUT(hdr->oui, WPA_OUI_TYPE);
36 WPA_PUT_LE16(hdr->version, WPA_VERSION);
37 pos = (u8 *) (hdr + 1);
38
39 if (conf->wpa_group == WPA_CIPHER_CCMP) {
40 RSN_SELECTOR_PUT(pos, WPA_CIPHER_SUITE_CCMP);
41 } else if (conf->wpa_group == WPA_CIPHER_TKIP) {
42 RSN_SELECTOR_PUT(pos, WPA_CIPHER_SUITE_TKIP);
43 } else if (conf->wpa_group == WPA_CIPHER_WEP104) {
44 RSN_SELECTOR_PUT(pos, WPA_CIPHER_SUITE_WEP104);
45 } else if (conf->wpa_group == WPA_CIPHER_WEP40) {
46 RSN_SELECTOR_PUT(pos, WPA_CIPHER_SUITE_WEP40);
47 } else {
48 wpa_printf(MSG_DEBUG, "Invalid group cipher (%d).",
49 conf->wpa_group);
50 return -1;
51 }
52 pos += WPA_SELECTOR_LEN;
53
54 num_suites = 0;
55 count = pos;
56 pos += 2;
57
58 if (conf->wpa_pairwise & WPA_CIPHER_CCMP) {
59 RSN_SELECTOR_PUT(pos, WPA_CIPHER_SUITE_CCMP);
60 pos += WPA_SELECTOR_LEN;
61 num_suites++;
62 }
63 if (conf->wpa_pairwise & WPA_CIPHER_TKIP) {
64 RSN_SELECTOR_PUT(pos, WPA_CIPHER_SUITE_TKIP);
65 pos += WPA_SELECTOR_LEN;
66 num_suites++;
67 }
68 if (conf->wpa_pairwise & WPA_CIPHER_NONE) {
69 RSN_SELECTOR_PUT(pos, WPA_CIPHER_SUITE_NONE);
70 pos += WPA_SELECTOR_LEN;
71 num_suites++;
72 }
73
74 if (num_suites == 0) {
75 wpa_printf(MSG_DEBUG, "Invalid pairwise cipher (%d).",
76 conf->wpa_pairwise);
77 return -1;
78 }
79 WPA_PUT_LE16(count, num_suites);
80
81 num_suites = 0;
82 count = pos;
83 pos += 2;
84
85 if (conf->wpa_key_mgmt & WPA_KEY_MGMT_IEEE8021X) {
86 RSN_SELECTOR_PUT(pos, WPA_AUTH_KEY_MGMT_UNSPEC_802_1X);
87 pos += WPA_SELECTOR_LEN;
88 num_suites++;
89 }
90 if (conf->wpa_key_mgmt & WPA_KEY_MGMT_PSK) {
91 RSN_SELECTOR_PUT(pos, WPA_AUTH_KEY_MGMT_PSK_OVER_802_1X);
92 pos += WPA_SELECTOR_LEN;
93 num_suites++;
94 }
95
96 if (num_suites == 0) {
97 wpa_printf(MSG_DEBUG, "Invalid key management type (%d).",
98 conf->wpa_key_mgmt);
99 return -1;
100 }
101 WPA_PUT_LE16(count, num_suites);
102
103 /* WPA Capabilities; use defaults, so no need to include it */
104
105 hdr->len = (pos - buf) - 2;
106
107 return pos - buf;
108 }
109
110
111 int wpa_write_rsn_ie(struct wpa_auth_config *conf, u8 *buf, size_t len,
112 const u8 *pmkid)
113 {
114 struct rsn_ie_hdr *hdr;
115 int num_suites;
116 u8 *pos, *count;
117 u16 capab;
118
119 hdr = (struct rsn_ie_hdr *) buf;
120 hdr->elem_id = WLAN_EID_RSN;
121 WPA_PUT_LE16(hdr->version, RSN_VERSION);
122 pos = (u8 *) (hdr + 1);
123
124 if (conf->wpa_group == WPA_CIPHER_CCMP) {
125 RSN_SELECTOR_PUT(pos, RSN_CIPHER_SUITE_CCMP);
126 } else if (conf->wpa_group == WPA_CIPHER_TKIP) {
127 RSN_SELECTOR_PUT(pos, RSN_CIPHER_SUITE_TKIP);
128 } else if (conf->wpa_group == WPA_CIPHER_WEP104) {
129 RSN_SELECTOR_PUT(pos, RSN_CIPHER_SUITE_WEP104);
130 } else if (conf->wpa_group == WPA_CIPHER_WEP40) {
131 RSN_SELECTOR_PUT(pos, RSN_CIPHER_SUITE_WEP40);
132 } else {
133 wpa_printf(MSG_DEBUG, "Invalid group cipher (%d).",
134 conf->wpa_group);
135 return -1;
136 }
137 pos += RSN_SELECTOR_LEN;
138
139 num_suites = 0;
140 count = pos;
141 pos += 2;
142
143 if (conf->rsn_pairwise & WPA_CIPHER_CCMP) {
144 RSN_SELECTOR_PUT(pos, RSN_CIPHER_SUITE_CCMP);
145 pos += RSN_SELECTOR_LEN;
146 num_suites++;
147 }
148 if (conf->rsn_pairwise & WPA_CIPHER_TKIP) {
149 RSN_SELECTOR_PUT(pos, RSN_CIPHER_SUITE_TKIP);
150 pos += RSN_SELECTOR_LEN;
151 num_suites++;
152 }
153 if (conf->rsn_pairwise & WPA_CIPHER_NONE) {
154 RSN_SELECTOR_PUT(pos, RSN_CIPHER_SUITE_NONE);
155 pos += RSN_SELECTOR_LEN;
156 num_suites++;
157 }
158
159 if (num_suites == 0) {
160 wpa_printf(MSG_DEBUG, "Invalid pairwise cipher (%d).",
161 conf->rsn_pairwise);
162 return -1;
163 }
164 WPA_PUT_LE16(count, num_suites);
165
166 num_suites = 0;
167 count = pos;
168 pos += 2;
169
170 if (conf->wpa_key_mgmt & WPA_KEY_MGMT_IEEE8021X) {
171 RSN_SELECTOR_PUT(pos, RSN_AUTH_KEY_MGMT_UNSPEC_802_1X);
172 pos += RSN_SELECTOR_LEN;
173 num_suites++;
174 }
175 if (conf->wpa_key_mgmt & WPA_KEY_MGMT_PSK) {
176 RSN_SELECTOR_PUT(pos, RSN_AUTH_KEY_MGMT_PSK_OVER_802_1X);
177 pos += RSN_SELECTOR_LEN;
178 num_suites++;
179 }
180 #ifdef CONFIG_IEEE80211R
181 if (conf->wpa_key_mgmt & WPA_KEY_MGMT_FT_IEEE8021X) {
182 RSN_SELECTOR_PUT(pos, RSN_AUTH_KEY_MGMT_FT_802_1X);
183 pos += RSN_SELECTOR_LEN;
184 num_suites++;
185 }
186 if (conf->wpa_key_mgmt & WPA_KEY_MGMT_FT_PSK) {
187 RSN_SELECTOR_PUT(pos, RSN_AUTH_KEY_MGMT_FT_PSK);
188 pos += RSN_SELECTOR_LEN;
189 num_suites++;
190 }
191 #endif /* CONFIG_IEEE80211R */
192 #ifdef CONFIG_IEEE80211W
193 if (conf->wpa_key_mgmt & WPA_KEY_MGMT_IEEE8021X_SHA256) {
194 RSN_SELECTOR_PUT(pos, RSN_AUTH_KEY_MGMT_802_1X_SHA256);
195 pos += RSN_SELECTOR_LEN;
196 num_suites++;
197 }
198 if (conf->wpa_key_mgmt & WPA_KEY_MGMT_PSK_SHA256) {
199 RSN_SELECTOR_PUT(pos, RSN_AUTH_KEY_MGMT_PSK_SHA256);
200 pos += RSN_SELECTOR_LEN;
201 num_suites++;
202 }
203 #endif /* CONFIG_IEEE80211W */
204
205 if (num_suites == 0) {
206 wpa_printf(MSG_DEBUG, "Invalid key management type (%d).",
207 conf->wpa_key_mgmt);
208 return -1;
209 }
210 WPA_PUT_LE16(count, num_suites);
211
212 /* RSN Capabilities */
213 capab = 0;
214 if (conf->rsn_preauth)
215 capab |= WPA_CAPABILITY_PREAUTH;
216 if (conf->peerkey)
217 capab |= WPA_CAPABILITY_PEERKEY_ENABLED;
218 if (conf->wmm_enabled) {
219 /* 4 PTKSA replay counters when using WMM */
220 capab |= (RSN_NUM_REPLAY_COUNTERS_16 << 2);
221 }
222 #ifdef CONFIG_IEEE80211W
223 if (conf->ieee80211w != WPA_NO_IEEE80211W) {
224 capab |= WPA_CAPABILITY_MFPC;
225 if (conf->ieee80211w == IEEE80211W_REQUIRED)
226 capab |= WPA_CAPABILITY_MFPR;
227 }
228 #endif /* CONFIG_IEEE80211W */
229 WPA_PUT_LE16(pos, capab);
230 pos += 2;
231
232 if (pmkid) {
233 if (pos + 2 + PMKID_LEN > buf + len)
234 return -1;
235 /* PMKID Count */
236 WPA_PUT_LE16(pos, 1);
237 pos += 2;
238 os_memcpy(pos, pmkid, PMKID_LEN);
239 pos += PMKID_LEN;
240 }
241
242 #ifdef CONFIG_IEEE80211W
243 if (conf->ieee80211w != WPA_NO_IEEE80211W) {
244 if (pos + 2 + 4 > buf + len)
245 return -1;
246 if (pmkid == NULL) {
247 /* PMKID Count */
248 WPA_PUT_LE16(pos, 0);
249 pos += 2;
250 }
251
252 /* Management Group Cipher Suite */
253 RSN_SELECTOR_PUT(pos, RSN_CIPHER_SUITE_AES_128_CMAC);
254 pos += RSN_SELECTOR_LEN;
255 }
256 #endif /* CONFIG_IEEE80211W */
257
258 hdr->len = (pos - buf) - 2;
259
260 return pos - buf;
261 }
262
263
264 int wpa_auth_gen_wpa_ie(struct wpa_authenticator *wpa_auth)
265 {
266 u8 *pos, buf[128];
267 int res;
268
269 pos = buf;
270
271 if (wpa_auth->conf.wpa & WPA_PROTO_RSN) {
272 res = wpa_write_rsn_ie(&wpa_auth->conf,
273 pos, buf + sizeof(buf) - pos, NULL);
274 if (res < 0)
275 return res;
276 pos += res;
277 }
278 #ifdef CONFIG_IEEE80211R
279 if (wpa_auth->conf.wpa_key_mgmt &
280 (WPA_KEY_MGMT_FT_IEEE8021X | WPA_KEY_MGMT_FT_PSK)) {
281 res = wpa_write_mdie(&wpa_auth->conf, pos,
282 buf + sizeof(buf) - pos);
283 if (res < 0)
284 return res;
285 pos += res;
286 }
287 #endif /* CONFIG_IEEE80211R */
288 if (wpa_auth->conf.wpa & WPA_PROTO_WPA) {
289 res = wpa_write_wpa_ie(&wpa_auth->conf,
290 pos, buf + sizeof(buf) - pos);
291 if (res < 0)
292 return res;
293 pos += res;
294 }
295
296 os_free(wpa_auth->wpa_ie);
297 wpa_auth->wpa_ie = os_malloc(pos - buf);
298 if (wpa_auth->wpa_ie == NULL)
299 return -1;
300 os_memcpy(wpa_auth->wpa_ie, buf, pos - buf);
301 wpa_auth->wpa_ie_len = pos - buf;
302
303 return 0;
304 }
305
306
307 u8 * wpa_add_kde(u8 *pos, u32 kde, const u8 *data, size_t data_len,
308 const u8 *data2, size_t data2_len)
309 {
310 *pos++ = WLAN_EID_VENDOR_SPECIFIC;
311 *pos++ = RSN_SELECTOR_LEN + data_len + data2_len;
312 RSN_SELECTOR_PUT(pos, kde);
313 pos += RSN_SELECTOR_LEN;
314 os_memcpy(pos, data, data_len);
315 pos += data_len;
316 if (data2) {
317 os_memcpy(pos, data2, data2_len);
318 pos += data2_len;
319 }
320 return pos;
321 }
322
323
324 static int wpa_selector_to_bitfield(const u8 *s)
325 {
326 if (RSN_SELECTOR_GET(s) == WPA_CIPHER_SUITE_NONE)
327 return WPA_CIPHER_NONE;
328 if (RSN_SELECTOR_GET(s) == WPA_CIPHER_SUITE_WEP40)
329 return WPA_CIPHER_WEP40;
330 if (RSN_SELECTOR_GET(s) == WPA_CIPHER_SUITE_TKIP)
331 return WPA_CIPHER_TKIP;
332 if (RSN_SELECTOR_GET(s) == WPA_CIPHER_SUITE_CCMP)
333 return WPA_CIPHER_CCMP;
334 if (RSN_SELECTOR_GET(s) == WPA_CIPHER_SUITE_WEP104)
335 return WPA_CIPHER_WEP104;
336 return 0;
337 }
338
339
340 static int wpa_key_mgmt_to_bitfield(const u8 *s)
341 {
342 if (RSN_SELECTOR_GET(s) == WPA_AUTH_KEY_MGMT_UNSPEC_802_1X)
343 return WPA_KEY_MGMT_IEEE8021X;
344 if (RSN_SELECTOR_GET(s) == WPA_AUTH_KEY_MGMT_PSK_OVER_802_1X)
345 return WPA_KEY_MGMT_PSK;
346 if (RSN_SELECTOR_GET(s) == WPA_AUTH_KEY_MGMT_NONE)
347 return WPA_KEY_MGMT_WPA_NONE;
348 return 0;
349 }
350
351
352 static int wpa_parse_wpa_ie_wpa(const u8 *wpa_ie, size_t wpa_ie_len,
353 struct wpa_ie_data *data)
354 {
355 const struct wpa_ie_hdr *hdr;
356 const u8 *pos;
357 int left;
358 int i, count;
359
360 os_memset(data, 0, sizeof(*data));
361 data->pairwise_cipher = WPA_CIPHER_TKIP;
362 data->group_cipher = WPA_CIPHER_TKIP;
363 data->key_mgmt = WPA_KEY_MGMT_IEEE8021X;
364 data->mgmt_group_cipher = 0;
365
366 if (wpa_ie_len < sizeof(struct wpa_ie_hdr))
367 return -1;
368
369 hdr = (const struct wpa_ie_hdr *) wpa_ie;
370
371 if (hdr->elem_id != WLAN_EID_VENDOR_SPECIFIC ||
372 hdr->len != wpa_ie_len - 2 ||
373 RSN_SELECTOR_GET(hdr->oui) != WPA_OUI_TYPE ||
374 WPA_GET_LE16(hdr->version) != WPA_VERSION) {
375 return -2;
376 }
377
378 pos = (const u8 *) (hdr + 1);
379 left = wpa_ie_len - sizeof(*hdr);
380
381 if (left >= WPA_SELECTOR_LEN) {
382 data->group_cipher = wpa_selector_to_bitfield(pos);
383 pos += WPA_SELECTOR_LEN;
384 left -= WPA_SELECTOR_LEN;
385 } else if (left > 0)
386 return -3;
387
388 if (left >= 2) {
389 data->pairwise_cipher = 0;
390 count = WPA_GET_LE16(pos);
391 pos += 2;
392 left -= 2;
393 if (count == 0 || left < count * WPA_SELECTOR_LEN)
394 return -4;
395 for (i = 0; i < count; i++) {
396 data->pairwise_cipher |= wpa_selector_to_bitfield(pos);
397 pos += WPA_SELECTOR_LEN;
398 left -= WPA_SELECTOR_LEN;
399 }
400 } else if (left == 1)
401 return -5;
402
403 if (left >= 2) {
404 data->key_mgmt = 0;
405 count = WPA_GET_LE16(pos);
406 pos += 2;
407 left -= 2;
408 if (count == 0 || left < count * WPA_SELECTOR_LEN)
409 return -6;
410 for (i = 0; i < count; i++) {
411 data->key_mgmt |= wpa_key_mgmt_to_bitfield(pos);
412 pos += WPA_SELECTOR_LEN;
413 left -= WPA_SELECTOR_LEN;
414 }
415 } else if (left == 1)
416 return -7;
417
418 if (left >= 2) {
419 data->capabilities = WPA_GET_LE16(pos);
420 pos += 2;
421 left -= 2;
422 }
423
424 if (left > 0) {
425 return -8;
426 }
427
428 return 0;
429 }
430
431
432 struct wpa_auth_okc_iter_data {
433 struct rsn_pmksa_cache_entry *pmksa;
434 const u8 *aa;
435 const u8 *spa;
436 const u8 *pmkid;
437 };
438
439
440 static int wpa_auth_okc_iter(struct wpa_authenticator *a, void *ctx)
441 {
442 struct wpa_auth_okc_iter_data *data = ctx;
443 data->pmksa = pmksa_cache_get_okc(a->pmksa, data->aa, data->spa,
444 data->pmkid);
445 if (data->pmksa)
446 return 1;
447 return 0;
448 }
449
450
451 int wpa_validate_wpa_ie(struct wpa_authenticator *wpa_auth,
452 struct wpa_state_machine *sm,
453 const u8 *wpa_ie, size_t wpa_ie_len,
454 const u8 *mdie, size_t mdie_len)
455 {
456 struct wpa_ie_data data;
457 int ciphers, key_mgmt, res, version;
458 u32 selector;
459 size_t i;
460 const u8 *pmkid = NULL;
461
462 if (wpa_auth == NULL || sm == NULL)
463 return WPA_NOT_ENABLED;
464
465 if (wpa_ie == NULL || wpa_ie_len < 1)
466 return WPA_INVALID_IE;
467
468 if (wpa_ie[0] == WLAN_EID_RSN)
469 version = WPA_PROTO_RSN;
470 else
471 version = WPA_PROTO_WPA;
472
473 if (!(wpa_auth->conf.wpa & version)) {
474 wpa_printf(MSG_DEBUG, "Invalid WPA proto (%d) from " MACSTR,
475 version, MAC2STR(sm->addr));
476 return WPA_INVALID_PROTO;
477 }
478
479 if (version == WPA_PROTO_RSN) {
480 res = wpa_parse_wpa_ie_rsn(wpa_ie, wpa_ie_len, &data);
481
482 selector = RSN_AUTH_KEY_MGMT_UNSPEC_802_1X;
483 if (0) {
484 }
485 #ifdef CONFIG_IEEE80211R
486 else if (data.key_mgmt & WPA_KEY_MGMT_FT_IEEE8021X)
487 selector = RSN_AUTH_KEY_MGMT_FT_802_1X;
488 else if (data.key_mgmt & WPA_KEY_MGMT_FT_PSK)
489 selector = RSN_AUTH_KEY_MGMT_FT_PSK;
490 #endif /* CONFIG_IEEE80211R */
491 #ifdef CONFIG_IEEE80211W
492 else if (data.key_mgmt & WPA_KEY_MGMT_IEEE8021X_SHA256)
493 selector = RSN_AUTH_KEY_MGMT_802_1X_SHA256;
494 else if (data.key_mgmt & WPA_KEY_MGMT_PSK_SHA256)
495 selector = RSN_AUTH_KEY_MGMT_PSK_SHA256;
496 #endif /* CONFIG_IEEE80211W */
497 else if (data.key_mgmt & WPA_KEY_MGMT_IEEE8021X)
498 selector = RSN_AUTH_KEY_MGMT_UNSPEC_802_1X;
499 else if (data.key_mgmt & WPA_KEY_MGMT_PSK)
500 selector = RSN_AUTH_KEY_MGMT_PSK_OVER_802_1X;
501 wpa_auth->dot11RSNAAuthenticationSuiteSelected = selector;
502
503 selector = RSN_CIPHER_SUITE_CCMP;
504 if (data.pairwise_cipher & WPA_CIPHER_CCMP)
505 selector = RSN_CIPHER_SUITE_CCMP;
506 else if (data.pairwise_cipher & WPA_CIPHER_TKIP)
507 selector = RSN_CIPHER_SUITE_TKIP;
508 else if (data.pairwise_cipher & WPA_CIPHER_WEP104)
509 selector = RSN_CIPHER_SUITE_WEP104;
510 else if (data.pairwise_cipher & WPA_CIPHER_WEP40)
511 selector = RSN_CIPHER_SUITE_WEP40;
512 else if (data.pairwise_cipher & WPA_CIPHER_NONE)
513 selector = RSN_CIPHER_SUITE_NONE;
514 wpa_auth->dot11RSNAPairwiseCipherSelected = selector;
515
516 selector = RSN_CIPHER_SUITE_CCMP;
517 if (data.group_cipher & WPA_CIPHER_CCMP)
518 selector = RSN_CIPHER_SUITE_CCMP;
519 else if (data.group_cipher & WPA_CIPHER_TKIP)
520 selector = RSN_CIPHER_SUITE_TKIP;
521 else if (data.group_cipher & WPA_CIPHER_WEP104)
522 selector = RSN_CIPHER_SUITE_WEP104;
523 else if (data.group_cipher & WPA_CIPHER_WEP40)
524 selector = RSN_CIPHER_SUITE_WEP40;
525 else if (data.group_cipher & WPA_CIPHER_NONE)
526 selector = RSN_CIPHER_SUITE_NONE;
527 wpa_auth->dot11RSNAGroupCipherSelected = selector;
528 } else {
529 res = wpa_parse_wpa_ie_wpa(wpa_ie, wpa_ie_len, &data);
530
531 selector = WPA_AUTH_KEY_MGMT_UNSPEC_802_1X;
532 if (data.key_mgmt & WPA_KEY_MGMT_IEEE8021X)
533 selector = WPA_AUTH_KEY_MGMT_UNSPEC_802_1X;
534 else if (data.key_mgmt & WPA_KEY_MGMT_PSK)
535 selector = WPA_AUTH_KEY_MGMT_PSK_OVER_802_1X;
536 wpa_auth->dot11RSNAAuthenticationSuiteSelected = selector;
537
538 selector = WPA_CIPHER_SUITE_TKIP;
539 if (data.pairwise_cipher & WPA_CIPHER_CCMP)
540 selector = WPA_CIPHER_SUITE_CCMP;
541 else if (data.pairwise_cipher & WPA_CIPHER_TKIP)
542 selector = WPA_CIPHER_SUITE_TKIP;
543 else if (data.pairwise_cipher & WPA_CIPHER_WEP104)
544 selector = WPA_CIPHER_SUITE_WEP104;
545 else if (data.pairwise_cipher & WPA_CIPHER_WEP40)
546 selector = WPA_CIPHER_SUITE_WEP40;
547 else if (data.pairwise_cipher & WPA_CIPHER_NONE)
548 selector = WPA_CIPHER_SUITE_NONE;
549 wpa_auth->dot11RSNAPairwiseCipherSelected = selector;
550
551 selector = WPA_CIPHER_SUITE_TKIP;
552 if (data.group_cipher & WPA_CIPHER_CCMP)
553 selector = WPA_CIPHER_SUITE_CCMP;
554 else if (data.group_cipher & WPA_CIPHER_TKIP)
555 selector = WPA_CIPHER_SUITE_TKIP;
556 else if (data.group_cipher & WPA_CIPHER_WEP104)
557 selector = WPA_CIPHER_SUITE_WEP104;
558 else if (data.group_cipher & WPA_CIPHER_WEP40)
559 selector = WPA_CIPHER_SUITE_WEP40;
560 else if (data.group_cipher & WPA_CIPHER_NONE)
561 selector = WPA_CIPHER_SUITE_NONE;
562 wpa_auth->dot11RSNAGroupCipherSelected = selector;
563 }
564 if (res) {
565 wpa_printf(MSG_DEBUG, "Failed to parse WPA/RSN IE from "
566 MACSTR " (res=%d)", MAC2STR(sm->addr), res);
567 wpa_hexdump(MSG_DEBUG, "WPA/RSN IE", wpa_ie, wpa_ie_len);
568 return WPA_INVALID_IE;
569 }
570
571 if (data.group_cipher != wpa_auth->conf.wpa_group) {
572 wpa_printf(MSG_DEBUG, "Invalid WPA group cipher (0x%x) from "
573 MACSTR, data.group_cipher, MAC2STR(sm->addr));
574 return WPA_INVALID_GROUP;
575 }
576
577 key_mgmt = data.key_mgmt & wpa_auth->conf.wpa_key_mgmt;
578 if (!key_mgmt) {
579 wpa_printf(MSG_DEBUG, "Invalid WPA key mgmt (0x%x) from "
580 MACSTR, data.key_mgmt, MAC2STR(sm->addr));
581 return WPA_INVALID_AKMP;
582 }
583 if (0) {
584 }
585 #ifdef CONFIG_IEEE80211R
586 else if (key_mgmt & WPA_KEY_MGMT_FT_IEEE8021X)
587 sm->wpa_key_mgmt = WPA_KEY_MGMT_FT_IEEE8021X;
588 else if (key_mgmt & WPA_KEY_MGMT_FT_PSK)
589 sm->wpa_key_mgmt = WPA_KEY_MGMT_FT_PSK;
590 #endif /* CONFIG_IEEE80211R */
591 #ifdef CONFIG_IEEE80211W
592 else if (key_mgmt & WPA_KEY_MGMT_IEEE8021X_SHA256)
593 sm->wpa_key_mgmt = WPA_KEY_MGMT_IEEE8021X_SHA256;
594 else if (key_mgmt & WPA_KEY_MGMT_PSK_SHA256)
595 sm->wpa_key_mgmt = WPA_KEY_MGMT_PSK_SHA256;
596 #endif /* CONFIG_IEEE80211W */
597 else if (key_mgmt & WPA_KEY_MGMT_IEEE8021X)
598 sm->wpa_key_mgmt = WPA_KEY_MGMT_IEEE8021X;
599 else
600 sm->wpa_key_mgmt = WPA_KEY_MGMT_PSK;
601
602 if (version == WPA_PROTO_RSN)
603 ciphers = data.pairwise_cipher & wpa_auth->conf.rsn_pairwise;
604 else
605 ciphers = data.pairwise_cipher & wpa_auth->conf.wpa_pairwise;
606 if (!ciphers) {
607 wpa_printf(MSG_DEBUG, "Invalid %s pairwise cipher (0x%x) "
608 "from " MACSTR,
609 version == WPA_PROTO_RSN ? "RSN" : "WPA",
610 data.pairwise_cipher, MAC2STR(sm->addr));
611 return WPA_INVALID_PAIRWISE;
612 }
613
614 #ifdef CONFIG_IEEE80211W
615 if (wpa_auth->conf.ieee80211w == WPA_IEEE80211W_REQUIRED) {
616 if (!(data.capabilities & WPA_CAPABILITY_MFPC)) {
617 wpa_printf(MSG_DEBUG, "Management frame protection "
618 "required, but client did not enable it");
619 return WPA_MGMT_FRAME_PROTECTION_VIOLATION;
620 }
621
622 if (ciphers & WPA_CIPHER_TKIP) {
623 wpa_printf(MSG_DEBUG, "Management frame protection "
624 "cannot use TKIP");
625 return WPA_MGMT_FRAME_PROTECTION_VIOLATION;
626 }
627
628 if (data.mgmt_group_cipher != WPA_CIPHER_AES_128_CMAC) {
629 wpa_printf(MSG_DEBUG, "Unsupported management group "
630 "cipher %d", data.mgmt_group_cipher);
631 return WPA_INVALID_MGMT_GROUP_CIPHER;
632 }
633 }
634
635 if (wpa_auth->conf.ieee80211w == WPA_NO_IEEE80211W ||
636 !(data.capabilities & WPA_CAPABILITY_MFPC))
637 sm->mgmt_frame_prot = 0;
638 else
639 sm->mgmt_frame_prot = 1;
640 #endif /* CONFIG_IEEE80211W */
641
642 #ifdef CONFIG_IEEE80211R
643 if (wpa_key_mgmt_ft(sm->wpa_key_mgmt)) {
644 if (mdie == NULL || mdie_len < MOBILITY_DOMAIN_ID_LEN + 1) {
645 wpa_printf(MSG_DEBUG, "RSN: Trying to use FT, but "
646 "MDIE not included");
647 return WPA_INVALID_MDIE;
648 }
649 if (os_memcmp(mdie, wpa_auth->conf.mobility_domain,
650 MOBILITY_DOMAIN_ID_LEN) != 0) {
651 wpa_hexdump(MSG_DEBUG, "RSN: Attempted to use unknown "
652 "MDIE", mdie, MOBILITY_DOMAIN_ID_LEN);
653 return WPA_INVALID_MDIE;
654 }
655 }
656 #endif /* CONFIG_IEEE80211R */
657
658 if (ciphers & WPA_CIPHER_CCMP)
659 sm->pairwise = WPA_CIPHER_CCMP;
660 else
661 sm->pairwise = WPA_CIPHER_TKIP;
662
663 /* TODO: clear WPA/WPA2 state if STA changes from one to another */
664 if (wpa_ie[0] == WLAN_EID_RSN)
665 sm->wpa = WPA_VERSION_WPA2;
666 else
667 sm->wpa = WPA_VERSION_WPA;
668
669 sm->pmksa = NULL;
670 for (i = 0; i < data.num_pmkid; i++) {
671 wpa_hexdump(MSG_DEBUG, "RSN IE: STA PMKID",
672 &data.pmkid[i * PMKID_LEN], PMKID_LEN);
673 sm->pmksa = pmksa_cache_auth_get(wpa_auth->pmksa, sm->addr,
674 &data.pmkid[i * PMKID_LEN]);
675 if (sm->pmksa) {
676 pmkid = sm->pmksa->pmkid;
677 break;
678 }
679 }
680 for (i = 0; sm->pmksa == NULL && wpa_auth->conf.okc &&
681 i < data.num_pmkid; i++) {
682 struct wpa_auth_okc_iter_data idata;
683 idata.pmksa = NULL;
684 idata.aa = wpa_auth->addr;
685 idata.spa = sm->addr;
686 idata.pmkid = &data.pmkid[i * PMKID_LEN];
687 wpa_auth_for_each_auth(wpa_auth, wpa_auth_okc_iter, &idata);
688 if (idata.pmksa) {
689 wpa_auth_vlogger(wpa_auth, sm->addr, LOGGER_DEBUG,
690 "OKC match for PMKID");
691 sm->pmksa = pmksa_cache_add_okc(wpa_auth->pmksa,
692 idata.pmksa,
693 wpa_auth->addr,
694 idata.pmkid);
695 pmkid = idata.pmkid;
696 break;
697 }
698 }
699 if (sm->pmksa) {
700 wpa_auth_vlogger(wpa_auth, sm->addr, LOGGER_DEBUG,
701 "PMKID found from PMKSA cache "
702 "eap_type=%d vlan_id=%d",
703 sm->pmksa->eap_type_authsrv,
704 sm->pmksa->vlan_id);
705 os_memcpy(wpa_auth->dot11RSNAPMKIDUsed, pmkid, PMKID_LEN);
706 }
707
708 if (sm->wpa_ie == NULL || sm->wpa_ie_len < wpa_ie_len) {
709 os_free(sm->wpa_ie);
710 sm->wpa_ie = os_malloc(wpa_ie_len);
711 if (sm->wpa_ie == NULL)
712 return WPA_ALLOC_FAIL;
713 }
714 os_memcpy(sm->wpa_ie, wpa_ie, wpa_ie_len);
715 sm->wpa_ie_len = wpa_ie_len;
716
717 return WPA_IE_OK;
718 }
719
720
721 /**
722 * wpa_parse_generic - Parse EAPOL-Key Key Data Generic IEs
723 * @pos: Pointer to the IE header
724 * @end: Pointer to the end of the Key Data buffer
725 * @ie: Pointer to parsed IE data
726 * Returns: 0 on success, 1 if end mark is found, -1 on failure
727 */
728 static int wpa_parse_generic(const u8 *pos, const u8 *end,
729 struct wpa_eapol_ie_parse *ie)
730 {
731 if (pos[1] == 0)
732 return 1;
733
734 if (pos[1] >= 6 &&
735 RSN_SELECTOR_GET(pos + 2) == WPA_OUI_TYPE &&
736 pos[2 + WPA_SELECTOR_LEN] == 1 &&
737 pos[2 + WPA_SELECTOR_LEN + 1] == 0) {
738 ie->wpa_ie = pos;
739 ie->wpa_ie_len = pos[1] + 2;
740 return 0;
741 }
742
743 if (pos + 1 + RSN_SELECTOR_LEN < end &&
744 pos[1] >= RSN_SELECTOR_LEN + PMKID_LEN &&
745 RSN_SELECTOR_GET(pos + 2) == RSN_KEY_DATA_PMKID) {
746 ie->pmkid = pos + 2 + RSN_SELECTOR_LEN;
747 return 0;
748 }
749
750 if (pos[1] > RSN_SELECTOR_LEN + 2 &&
751 RSN_SELECTOR_GET(pos + 2) == RSN_KEY_DATA_GROUPKEY) {
752 ie->gtk = pos + 2 + RSN_SELECTOR_LEN;
753 ie->gtk_len = pos[1] - RSN_SELECTOR_LEN;
754 return 0;
755 }
756
757 if (pos[1] > RSN_SELECTOR_LEN + 2 &&
758 RSN_SELECTOR_GET(pos + 2) == RSN_KEY_DATA_MAC_ADDR) {
759 ie->mac_addr = pos + 2 + RSN_SELECTOR_LEN;
760 ie->mac_addr_len = pos[1] - RSN_SELECTOR_LEN;
761 return 0;
762 }
763
764 #ifdef CONFIG_PEERKEY
765 if (pos[1] > RSN_SELECTOR_LEN + 2 &&
766 RSN_SELECTOR_GET(pos + 2) == RSN_KEY_DATA_SMK) {
767 ie->smk = pos + 2 + RSN_SELECTOR_LEN;
768 ie->smk_len = pos[1] - RSN_SELECTOR_LEN;
769 return 0;
770 }
771
772 if (pos[1] > RSN_SELECTOR_LEN + 2 &&
773 RSN_SELECTOR_GET(pos + 2) == RSN_KEY_DATA_NONCE) {
774 ie->nonce = pos + 2 + RSN_SELECTOR_LEN;
775 ie->nonce_len = pos[1] - RSN_SELECTOR_LEN;
776 return 0;
777 }
778
779 if (pos[1] > RSN_SELECTOR_LEN + 2 &&
780 RSN_SELECTOR_GET(pos + 2) == RSN_KEY_DATA_LIFETIME) {
781 ie->lifetime = pos + 2 + RSN_SELECTOR_LEN;
782 ie->lifetime_len = pos[1] - RSN_SELECTOR_LEN;
783 return 0;
784 }
785
786 if (pos[1] > RSN_SELECTOR_LEN + 2 &&
787 RSN_SELECTOR_GET(pos + 2) == RSN_KEY_DATA_ERROR) {
788 ie->error = pos + 2 + RSN_SELECTOR_LEN;
789 ie->error_len = pos[1] - RSN_SELECTOR_LEN;
790 return 0;
791 }
792 #endif /* CONFIG_PEERKEY */
793
794 #ifdef CONFIG_IEEE80211W
795 if (pos[1] > RSN_SELECTOR_LEN + 2 &&
796 RSN_SELECTOR_GET(pos + 2) == RSN_KEY_DATA_IGTK) {
797 ie->igtk = pos + 2 + RSN_SELECTOR_LEN;
798 ie->igtk_len = pos[1] - RSN_SELECTOR_LEN;
799 return 0;
800 }
801 #endif /* CONFIG_IEEE80211W */
802
803 return 0;
804 }
805
806
807 /**
808 * wpa_parse_kde_ies - Parse EAPOL-Key Key Data IEs
809 * @buf: Pointer to the Key Data buffer
810 * @len: Key Data Length
811 * @ie: Pointer to parsed IE data
812 * Returns: 0 on success, -1 on failure
813 */
814 int wpa_parse_kde_ies(const u8 *buf, size_t len, struct wpa_eapol_ie_parse *ie)
815 {
816 const u8 *pos, *end;
817 int ret = 0;
818
819 os_memset(ie, 0, sizeof(*ie));
820 for (pos = buf, end = pos + len; pos + 1 < end; pos += 2 + pos[1]) {
821 if (pos[0] == 0xdd &&
822 ((pos == buf + len - 1) || pos[1] == 0)) {
823 /* Ignore padding */
824 break;
825 }
826 if (pos + 2 + pos[1] > end) {
827 wpa_printf(MSG_DEBUG, "WPA: EAPOL-Key Key Data "
828 "underflow (ie=%d len=%d pos=%d)",
829 pos[0], pos[1], (int) (pos - buf));
830 wpa_hexdump_key(MSG_DEBUG, "WPA: Key Data",
831 buf, len);
832 ret = -1;
833 break;
834 }
835 if (*pos == WLAN_EID_RSN) {
836 ie->rsn_ie = pos;
837 ie->rsn_ie_len = pos[1] + 2;
838 #ifdef CONFIG_IEEE80211R
839 } else if (*pos == WLAN_EID_MOBILITY_DOMAIN) {
840 ie->mdie = pos;
841 ie->mdie_len = pos[1] + 2;
842 #endif /* CONFIG_IEEE80211R */
843 } else if (*pos == WLAN_EID_VENDOR_SPECIFIC) {
844 ret = wpa_parse_generic(pos, end, ie);
845 if (ret < 0)
846 break;
847 if (ret > 0) {
848 ret = 0;
849 break;
850 }
851 } else {
852 wpa_hexdump(MSG_DEBUG, "WPA: Unrecognized EAPOL-Key "
853 "Key Data IE", pos, 2 + pos[1]);
854 }
855 }
856
857 return ret;
858 }
859
860
861 int wpa_auth_uses_mfp(struct wpa_state_machine *sm)
862 {
863 return sm ? sm->mgmt_frame_prot : 0;
864 }
Unnamed repository; edit this file 'description' to name the repository.